Android Malware Found In Low Cost Phones

Posted by — May 26, 2018 in News 0 39

In December 2016, the Russian antivirus vendor, Dr. Web, revealed that various mobile carriers had been infected with malware. Dr. Web helped with finding malware in at least 26 low-cost Android smartphones and tablets and it followed a period of no such incidents. However, the incident is still happening and expanding today.

Difficulty in finding the culprit

Avast, a cyber-security firm, is having a difficult time tracking the moment when the malware is inserted in devices because there are too many affected ones. The criminal operation infects a device the second it has the opportunity to access its firmware. But Avast did manage to take down the group’s command-and-control server, but they simply infected another hosting provider until the domain registrar discredited their domain name.

The only common element found in infected devices in over 90 countries is that they all have a Mediatek chipset. However, if Mediatek was the culprit, how come just a handful of devices for a specific model harbour the malware and not all of them? It wouldn’t make sense.

More signs of malware infection

Avast released a report on May 25th mentioning that the group has continued their operation. As in Dr. Web’s reports, the malware hasn’t been updated and operates in the same way. Avast published a list of over 140 Android tablets and smartphones which have Casiloon, the group’s malware. However, there are times when the malware won’t download – when the public IP is from a Chinese IP range, the language is set to Chinese and when the apps installed internally are more than three. Avast hasn’t been able to confirm that avoiding Chinese users because of law enforcement attention is the reason for the group’s strange activity.

The group seems to be interested in generating revenues only through ads. In almost all cases, ads are displayed on the Android interface itself or on top of other apps. The malware runs from the “/system” folder to connect to a remote server, downloads an XML file and then grabs any app the group choses and installs it without any user influence.

Henry R. Lares

Henry Lares is still early into his career as tech reporter but has already had his work published in many major publications including Tech Crunch and the Huffington Post.  In regards to academics, Henry earned an engineering degree from Apex Technical School. Henry has a passion for emerging technology and covers upcoming products and breakthroughs in science and tech.

You might like

Master the Road: Top Apps and Video Games to Learn Driving Skills

The Smartphones of the Future: The Out-of-This-World Shapes That Our Beloved Gadgets May Have in the Near Future

The NoxPlayer Android Emulator for PC: How Good Is the Software?

Orange Pi Neo: The Upcoming Handheld Console Comes Equipped With Manjaro Linux

XDefiant: When Is the Game Coming Out?

Mach Speed Marvels: Exploring the World’s Fastest Jet Planes

About the Author: Henry R. Lares

Henry Lares is still early into his career as tech reporter but has already had his work published in many major publications including Tech Crunch and the Huffington Post.  In regards to academics, Henry earned an engineering degree from Apex Technical School. Henry has a passion for emerging technology and covers upcoming products and breakthroughs in science and tech.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.